Mitigating Cheating & Voter Fraud in Online Contests…

We run online contests of various sorts that involve users voting on entries (usually one vote per user per day). The prizes range from hundreds to thousands of dollars. Over the last four years we have encountered a number of ways people try to cheat, and have implemented counter-measures in each case. As it stands, we use the following measures:

Authentication
A user must create an account and authenticate (log in). This rules out anonymous vote stuffing.

Email Confirmation
A user must confirm their email address by clicking a link in a system email to confirm they own and have access to their address. This rules out creating accounts en masse using random (not necessarily valid) email addresses. It also slows down the process a little for one account, and a lot if you're trying to create many.

No Gmail Address Aliases
Users cannot use instant alias addresses such as localpart+suffix@gmail.com. That slows down potential cheaters.

Additional Measures
We routinely audit our signups and voting rosters for strings of email addresses that come from the same private domain (user1@smithfamily.com, user2@smithfamily.com, etc.). We also look for similar names, usernames, and "local-parts" of email addresses across domains.

Needless to say, this is all exhausting and getting harder and harder to scale up. We need a simpler solution to ensure that we get a lot closer to "one person, one vote" in our contests, while not burdening the user beyond need in the process.

SMS Pin Verification

We assume that the typical user has no more than one mobile number. By allowing them to send a pin to their mobile phone via SMS text message, we could verify that the associated account was unique. (We would only allow one account per mobile phone.) If the user doesn't have a mobile phone or is not receiving the SMS message, they would be able to call us during business hours for a manual validation.

Is account verification via SMS text message asking too much of users wanting to vote in an online contest? Have we overlooked better solutions?

UPDATE

We decided to forego SMS verification. Instead, we have a number of ways to detect bad signups and eliminate them, leaving us with (mostly) trustworthy accounts.
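Not part of the original question: an added Python example of the roster audit the question describes (collapsing "+" and dot aliases, spotting runs of addresses on one private domain, and matching look-alike local-parts across providers). The roster, the thresholds and the public-provider list are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed signup roster (not real accounts) showing the three patterns the
# question mentions: Gmail "+" / dot aliases, a run on one private domain, and
# one local-part reused across several providers.
SIGNUPS = [
    "alice@example.org",
    "bob.jones@gmail.com", "bobjones+vote1@gmail.com", "Bob.Jones+vote2@googlemail.com",
    "user1@smithfamily.com", "user2@smithfamily.com", "user3@smithfamily.com",
    "carol77@yahoo.com", "carol_77@hotmail.com", "carol.77@outlook.com",
]

# Providers that hand out mailboxes to the public: many signups from one of
# these is normal, so the per-domain check ignores them (list is an assumption).
PUBLIC_DOMAINS = {"gmail.com", "googlemail.com", "yahoo.com", "hotmail.com", "outlook.com"}

def canonical(email):
    """Collapse the free aliases of one mailbox: '+suffix' is dropped for every
    domain; Gmail also ignores dots and delivers googlemail.com to the same inbox."""
    local, domain = email.strip().lower().rsplit("@", 1)
    local = local.split("+", 1)[0]
    if domain in ("gmail.com", "googlemail.com"):
        local, domain = local.replace(".", ""), "gmail.com"
    return f"{local}@{domain}"

def similarity_key(email):
    """Local part with digits and separators stripped, for cross-domain matching."""
    return re.sub(r"[\d._-]", "", canonical(email).split("@", 1)[0])

def audit(signups, domain_threshold=3, similar_threshold=3):
    """Group a roster into the clusters a human auditor would review."""
    by_mailbox, by_domain, by_similar = defaultdict(list), defaultdict(list), defaultdict(list)
    for e in signups:
        key = canonical(e)
        by_mailbox[key].append(e)
        by_domain[key.split("@", 1)[1]].append(e)
        by_similar[similarity_key(e)].append(e)
    domains = lambda group: {canonical(e).split("@", 1)[1] for e in group}
    return {
        # several signups that are really one mailbox
        "duplicate_mailbox": {k: v for k, v in by_mailbox.items() if len(v) > 1},
        # user1@, user2@, ... on a domain the public cannot register at
        "private_domain_runs": {d: v for d, v in by_domain.items()
                                if d not in PUBLIC_DOMAINS and len(v) >= domain_threshold},
        # the same person-like local part spread over different providers
        "similar_local_parts": {k: v for k, v in by_similar.items()
                                if len(v) >= similar_threshold and len(domains(v)) > 1},
    }
```

On the constructed roster, `audit(SIGNUPS)` flags the three Bob Jones aliases as one mailbox, the smithfamily.com run, and the three "carol" accounts spread over yahoo, hotmail and outlook.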

Will many users be creating accounts solely to enter one vote or are they all return visitors? i.e. Personally I would be less likely to visit a site twice solely to make one vote.
– KCD, Jan 10 '12 at 22:27

@KCD The contests generally are run as "vote once per day, come back every day." We get lots of supporters coming back to vote more than once. In the future we hope to include enough interest in the contests that people will return to vote for more than just their friends.
– Taj Moore, Jan 10 '12 at 22:53

@BenBrocka - I think the important bit is the use of "+" to generate an apparently unique e-mail address that's actually the same as the base user@gmail.com.
– ChrisF, Jan 10 '12 at 23:53

Exactamundo, @ChrisF! It created an easy way to have infinite addresses without creating them and cut down on time to cheat. All previous efforts were meant to slow down cheaters, but now we really just need to lock them out completely.
– Taj Moore, Jan 11 '12 at 0:13

Oh, I misread it thinking it was no gmail addresses period not gmail aliases
– Ben Brocka♦, Jan 11 '12 at 3:06

4 Answers

First off, those who want to cheat will find a way to do so even if they have to vote in person. All you can do is make it as hard as possible because even with SMS verification people can have multiple mobile numbers, multiple Google Voice numbers, and nearly every GMail account can send & receive SMS with a unique phone number, too.

So the biggest question of them all is:
Can verification via SMS codes prevent more multi-voting than advanced filtering of emails & IPs?
It can be answered only in testing, which isn't cheap as explained below.

Short answer to the original question

Although SMS verification in online contests might have the better chance of deterring multiple votes by one person, it has significant negative impact on the business and on the UX. A better alternative is connecting to another online service that already relies on the principle of one account per user. Yet, the course of action is still decided by the ROI.

Long answer to the original question

This is actually not a purely UX problem because you're not only modifying the business process but are also introducing additional costs to it.

The UX side of the problem is easy. You are creating a form of CAPTCHA, an additional inconvenient step in the process designed to prevent unwanted behavior. Your situation differs from traditional CAPTCHA use in that 1) the unwanted behavior causes significant damage to the quality of the system and that 2) SMS codes take users away from the product. Moreover, depending on your SMS gate provider & the volume of messages, it may take several minutes to receive the code. This is likely to result in votes being abandoned midway and in an increase in user frustration inevitably leading to permanently reduced participation in activities.

Since voting abandonment is the result of the need to retrieve the verification code from another device, the only way to avoid this is to verify users while keeping them at their computers by using another online service. Unfortunately, there is no widely-used service that guarantees 1 account per person. There are people with multiple Facebook and Google accounts while LinkedIn's adoption is low. Thus, you may want to request authentication every time a person votes (in addition to keeping a record of a connected account).

If you decide to go with SMS verification after all, you have to consider that SMS aren't free to send and in the USA they aren't free to receive (tajmo, you're US-based, right?). As a result, you have to make proper disclosure about the costs, update the privacy policy on storing & using people's mobile numbers, and explain to the users how the whole thing works in plain English.

Thus, the business analysis of this solution's viability will rely on a number of criteria:

the actual costs of implementing SMS verification

the current volume of cheating and the expected improvement

the actual value of your prizes (i.e. whether they require such security)

the value of the prizes as your users perceive it (i.e. whether prizes are worth the effort & cost of SMS verification)

loss of active and/or voting users

In the end, only a positive ROI from the aforementioned criteria will be the green light for implementing SMS verification.

There are some limits on what SMS can be sent to Google Voice. I've had some services tell me that it wasn't a valid number. Talk to some of the gateway providers, such as Twilio, about the details.
– dnbrv, Jan 11 '12 at 18:31

I hadn't considered Google Voice or other ways of receiving SMS texts. That potentially blows a big hole in my original premise. How would someone receive texts at hundreds of Gmail accounts?
– Taj Moore, Jan 11 '12 at 18:42

I tested Google Voice: you can only tie it to one physical mobile number; if you try to add it to another account, it deletes from the first one.
– Taj Moore, Jan 11 '12 at 18:53

GMail SMS seems to have changed. It is still the case that your email has a phone number associated with it, but nobody can send you messages to it unless you've messaged them first from inside GMail. Google Voice can have at least 2 virtual numbers associated with it in addition to your physical mobile.
– dnbrv, Jan 11 '12 at 19:02

I'm still looking for the hole with Google Voice. I don't see one. Do you?
– Taj Moore, Jan 11 '12 at 19:29

If an account has enough inherent value a user will be more likely to put in the effort to verify it. Value isn't necessarily monetary (think stack exchange reputation). If necessary try a two tiered approach to avoid scaring away new users.

Basic unauthenticated - limited number of votes, lifetime or lower value of each vote

Go premium authenticated by one of a number of methods:

SMS code

Register credit card / make purchase

Unique postal address (you could even mail a code)

Phone code (automated phone call like Google Maps Places)

Register something like a device (suits mobile apps)

Do a certain amount of activity (e.g. posts on a forum)

If the offending is so high that a user will bother using an authentication method for each account for just one or two extra votes you will still have to look to merge duplicate accounts.

I like the idea of a limited account that lets people do something useful, although voting isn't something we could let them do right away, since they could just make 1,000 accounts to get 1,000 votes. But perhaps a waiting period could work.
– Taj Moore, Jan 11 '12 at 2:18

I believe that SMS verification isn't much of a good idea since not many people have a mobile phone with SMS capabilities. Also, many people are afraid that they might get spam (even if it is stated that they won't get spam!)

It would be best to ask for an address (building number, street name, and ZIP code) that is used for verification purposes only, because many people live in houses. The only downside is that homeless people, well... (it's quite obvious)

Thanks, @tajmo. To turn it around, that means at least 28% of the legitimate user population will be turned away by a requirement for SMS verification. I say "at least", because you have to add in the number of non-mobile users. (That doesn't count the number of users who are reluctant to provide their mobile phone number, for fear of getting spam.)
– D.W., Apr 26 '12 at 3:33

Please note that that number is only about the US. Numbers will differ for other parts of world, and the question does not state for what area or target group (also differences to be expected) he is designing the system.
– André, Apr 26 '12 at 11:14

For something minor, going for SMS verification might well be over the top. For a major prize, then, it could well be appropriate, and I can't see people objecting if you are offering something to the value of a thousand dollars or more. Perhaps you should only use the number for a one-shot verification and then discard it afterwards to assuage any fears that people might have about you spamming them.

Another alternative is to only allow entries from accounts "in good standing". How you define this will depend on your site but it should include activities that only a human would do: